Method of establishing public key cryptographic protocols against quantum computational attack

ABSTRACT

The present invention relates to information security and discloses a method of establishing public key cryptographic protocols against the quantum computational attack. The method includes the following steps: definition of an infinite non-abelian group G; choosing two private keys in G by two entities; a second entity computing y, and sending y to a first entity; the first entity computing x and z, and sending (x, z) to the second entity; the second entity computing w and v, and sending (w, v) to the first entity; the first entity computing u, and sending u to the second entity; and the first entity computing K A , and the second entity computing K B , thereby reaching a shared key K=K A =K B . The security guarantee of a public key cryptographic algorithm created by the present invention relies on unsolvability of a problem, and has an advantage of free of the quantum computational attack.

CROSS REFERENCE TO RELATED APPLICATIONS

This application claims priority of Chinese patent application No. 201310382299.7 filed on Aug. 21, 2013, the entire content of which are hereby incorporated by reference.

BACKGROUND

1. Technical Field

The present invention relates to the field of information security, and in particular, to a cryptogram technology for establishing public key cryptographic protocols against the quantum computational attack.

2. Related Art

The verification for a real identity of a person who sends and receives information, and the non-repudiation of the sentreceived information after the information is sent or received and the guarantee of the integrity of data are two important issues about the theme of modern cryptography.

Disclosure of a key cryptogram system presents excellent answers to the issues of the two aspects, and more new ideas and solutions are being generated continually. In a public key system, an encryption key is different from a decryption key. People bring an encryption key to public, so that anyone can use the encryption key; but a decryption key is only known by a person performing decryption. In modern periods, the security of a public key cryptosystem is almost based on two categories of mathematic problems that are considered to be difficult to compute, a first category being a decomposition problem of a big prime number, for example, an RSA algorithm; and a second category being a discrete logarithm problem, for example, a key exchange algorithm of Diffie-Hellman, an El Gamal algorithm, an elliptic curve public key cryptographic algorithm (ECC for short), and the like.

SUMMARY

In order to solve a problem that a hidden trouble exists in identity verification and security of data guarantee based on an existing public key cryptographic protocol, an objective of the present invention is to establish public key cryptographic protocols technology capable of resisting various known attacks, and provide various application protocols on this basis.

One manner for implementing the objective of the present invention is: a method of establishing public key cryptographic protocols against the quantum computational attack, which includes a method for generating a shared key. The method for generating a shared key is also referred to as generating a shared key protocol, and the method for generating a shared key includes the following steps:

(11) establishing an infinite non-abelian group G and two subgroups A and B of G, so that for any a∈A and any b∈B, the equation ab=ba is true;

(12) choosing, by a first entity of a protocol, an element g in G, where the first entity of the protocol chooses two elements b₁, b₂∈A as private keys, and a second entity of the protocol chooses two elements d₁, d₂∈B as private keys;

(13) choosing, by the second entity of the protocol, two elements c₁, c₂∈B, computing y=d₁c₁gc₂d₂, and sending y to the first entity of the protocol;

(14) choosing, by the first entity of the protocol, four elements a₁, a₂, b₃, b₄∈A, computing

x=b₁a₁ga₂b₂ and z=b₃a₁ya₂b₄=b₃a₁d₁c₁gc₂d₂a₂b₄,

and sending (x, z) to the second entity of the protocol;

(15) choosing, by the second entity of the protocol, two elements d₃, d₂∈B, computing

w=d₃c₁xc₂d₄=d₃c₁b₁a₁ga₂b₂c₂d₄

and

v=d₁ ¹zd₂ ¹=d₁ ¹b₃a₁d₁c₁gc₂d₂a₂b₄d₂ ¹=b₃a₁c_(1gc) ₂a₂b₄

and sending (w, v) to the first entity of the protocol;

(16) computing, by the first entity of the protocol,

u=b₁ ⁻¹wb₂ ⁻¹=b₁ ⁻¹d₃c₁a₁ga₂b₂c₂d₄b₂ ⁻¹=d₃c₁a₁ga₂c₂d₄,

and sending u to the second entity of the protocol; and

(17) computing, by the first entity of the protocol, K_(A)=b3 ⁻¹vb₄ ⁻¹=a₁c₁gc₂a₂, and computing, by the second entity of the protocol, K_(B)=d₃ ⁻¹ud₄ ⁻¹=c₁a₁ga₂c₂;

because a₁, a₂∈A, and c₁, c₂∈B, a₁ and c₁ are separately commute with a₂ and c₂ in multiplication, so that the first entity of the protocol and the second entity of the protocol reach a shared key K=K_(A)=K_(B).

In the present invention, an algebra system in which an unsolvable problem exists is first established theoretically, and second, the unsolvability of the problem is used as security guarantee to establish a public key cryptographic algorithm. The security of the algorithm and the equivalence of the unsolvable problem of the present invention prove that the present invention is immune to the quantum computational attack and the like. Because the method of establishing public key cryptographic protocols of the present invention uses an unsolvable decision problem as the security guarantee, the method is powerfully guaranteed both theoretically and in an actual application aspect, and compared with the prior art, has the following advantages:

1. The security guarantee of a built public key cryptographic algorithm relies on the unsolvability of the problem rather than the computation difficulty of the problem, (a classic public key cryptographic algorithm is based on the computation difficulty);

2. That the security of the public key cryptographic algorithm of the present invention is equivalent to the unsolvability of the problem on which the public key cryptographic algorithm relies has been proved mathematically;

3. The public key cryptographic algorithm of the present invention resists the quantum computational attack.

DETAILED DESCRIPTION

The following further describes in detail establishment of public key cryptographic protocols against the quantum computational attack according to the present invention with reference to embodiments.

1. A Platform for Establishing Public Key Cryptographic Protocols

A platform for establishing all public key cryptographic protocols is an infinite non-abelian group G and two subgroups A and B of G, so that for any a∈A and any b∈B, the equation ab=ba is true. In addition, because of demands of encoding and key generating, G must further satisfy the following conditions:

1) Any word in terms of generators of G representing an element of G has an unique computable normal form;

2) G at least is in exponential growth, that is, the number of elements whose word length is a positive integer n in G is confined to an exponential function about n;

3) Multiplication and inversion of a group based on the normal form is computable.

Therefore, a braid group B_(n) with n≧12 is taken as the infinite non-abelian group G, where B_(n) has the foregoing properties and is a group defined by the following presentation:

B _(n)=

σ₁, σ₂, . . . , σ_(n−1)|σ₁σ_(j)=σ_(j)σ₁ , |i−j|≧2, σ₁σ₁₊₁σ₁=σ₁₊₁σ₁σ₁₊₁, 1≦i≦n−2

,

the braid group B_(n) contains the following two subgroups:

let m=└n/2┘ be a maximum integer not greater than n/2, and a left braid LB_(n) and a right braid RB_(n) of the braid group B_(n) separately are

LB_(n)=

σ₁, σ₂, . . . , σ_(m−1)

and RB_(n)=

σ_(m+1), σ_(m+2), . . . , σ_(n−1)

that is, separately are subgroups generated by σ₁, σ₂, . . . , σ_(m−1) and σ_(m+1), σ_(m+2), . . . , σ_(n−1), and for any a∈ LB_(n) and any be RB_(n), ab=ba is true.

When n≧12, LB_(n) and RB_(n) separately contain a subgroup isomorphic to the direct product of F₂×F₂, that is, two free groups with ranks being 2:

IA=

σ_(m−5) ², σ_(m−4) ², σ_(m−2) ², σ_(m−1) ²

≦LB_(n)

and

RA=

σ_(m+1) ², σ_(m+2) ², σ_(m+4) ², σ_(m+5) ²,

≦RB_(n),

and then a finite presentation group H whose word problem is unsolvable and that is generated by two elements constructs a Mihailova subgroup M_(LA)(H) of LA and a Mihailova subgroup M_(RA)(H) of RA again; the following is 56 generators of M_(LA)(H), where i=m−5; and when i=m+1, 56 generators of M_(RA)(H) can be obtained:

σ_(i) ²σ_(i+3) ², σ_(i+1) ²σ_(i+4) ², S_(ij), T_(ij), j=1, 2, . . . , 27

and 27 S_(u)s are (all (7,s in the following each S_(u) are replaced with (7,₃s, and all 6,₊₁s are replaced with ₆₊₄s to obtain corresponding 27 To, where j=1, 2, . . . , 27):

S_(i 1):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹²)⁻¹     σ_(i + 1)⁻¹²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁹     σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 2):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰)⁻¹     σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁹     σ_(i)⁻⁴σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 3):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸)⁻¹     σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁹     σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 4):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶)⁻¹     σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁹     σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 5):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴)⁻¹     σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁹     σ_(i)⁻⁴σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 6):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁹    σ_(i)⁻⁴σ_(i + 1)¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁻¹     σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 7):  (σ_(i)²σ_(i + 1)⁴σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁹    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹²)⁻¹     σ_(i + 1)⁻¹²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 8):  (σ_(i)²σ_(i + 1)⁶σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁹    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰)⁻¹     σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 9):  (σ_(i)²σ_(i + 1)⁸σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁹    σ_(i)⁻⁴σ_(i + 1)¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸)⁻¹     σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i, 10):  (σ_(i)²σ_(i + 1)¹⁰σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁹    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶)⁻¹     σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i, 11):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁻¹     σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i, 12):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁻¹     σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸σ_(i)⁻⁴σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i, 13):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹²)⁻¹     σ_(i + 1)⁻¹²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i, 14):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰)⁻¹     σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i, 15):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸)⁻¹     σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸σ_(i)⁻⁴σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i, 16):  (σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²⁰σ_(i)⁴σ_(i + 1)⁻²⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²⁰σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴σ_(i)⁻⁴σ_(i + 1)⁻²⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²⁰σ_(i)⁴σ_(i + 1)⁻²⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶ S_(i, 17):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²⁰σ_(i)⁴σ_(i + 1)⁻²⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²⁰σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶σ_(i)⁻⁴σ_(i + 1)⁻²⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²⁰σ_(i)⁴σ_(i + 1)⁻²⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴ S_(i, 18):  (σ_(i)⁻⁴σ_(i + 1)⁻¹²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹²σ_(i)⁴σ_(i + 1)⁻¹²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰σ_(i)⁻²σ_(i + 1)²σ_(i)²σ_(i + 1)²σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴    σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)²σ_(i)²σ_(i + 1)²σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)²σ_(i)²σ_(i + 1)²σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻¹⁸σ_(i)²    σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²⁰σ_(i)⁴σ_(i + 1)⁻²⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²⁻¹σ_(i + 1)²⁰(σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²)²    σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     (σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²)⁻²σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)²σ_(i)²σ_(i + 1)²σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻¹⁸σ_(i)²     σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²⁰σ_(i)⁴σ_(i + 1)⁻²⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²⁰(σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²)³     σ_(i)⁻⁴σ_(i + 1)⁻¹²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹²σ_(i)⁴σ_(i + 1)⁻¹²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰ S_(i, 19):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴    σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²     σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶     σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)² S_(i, 20):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)²    σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴     σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸     (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)²σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)² S_(i, 21):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)³    σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴    (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)²σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)²     σ_(i)⁻⁴σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)⁴σ_(i + 1)⁴σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶     (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)³σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)² S_(i, 22):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁴    σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸σ_(i)⁻⁴σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴    (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)³σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)³     σ_(i)⁻⁴σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸     (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁴σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)² S_(i, 23):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁵    σ_(i)⁻⁴σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶    σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁴    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁴     σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰     (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)³σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)² S_(i, 24):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁶    σ_(i)⁻⁴σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸    σ_(i)⁻⁴σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁵    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁵     σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸σ_(i)⁻⁴σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰     (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)² S_(i, 25):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁷    σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸    σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰    (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁶     σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸     σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰     (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁷σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)² S_(i, 26):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁸    (σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²)³(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁷    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁷     σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶(σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²)³     (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁸σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)² S_(i, 27):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁹    (σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²)³(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁸    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁸     σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸(σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²)³     (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁹σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²

2. An Embodiment for Establishing Core Protocol 1 of Public Key Cryptographic Protocols System:

In this embodiment, two entities of the protocol are separately Alice and Bob,

1) Alice and Bob jointly choose an element g in B_(n), Alice chooses two elements b₁, b₂∈LB_(n) as private keys, and Bob chooses two elements d₁, d₂∈RB_(n) as private keys;

2) Bob chooses two elements c₁, c₂∈RB_(n), computes y=d₁c₁gc₂d₂, and sends y to Alice;

3) Alice chooses four elements a₁, a₂, b₃, b₄∈LB_(n), computes

x=b ₁a₁ga₂b₂ and z=b₃a₁ya₂b₄=b₃a₁d₁c₁gc₂d₂a₂b₄,

and sends (x, z) to Bob;

4) Bob chooses two elements d₃, d₄∈RB_(n), computes

w=d₃c₁xc₂d₄=d₃c₁b₁a₁ga₂b₂c₂d₄

and

v=d ₁ ⁻¹ zd ₂ ¹ =d ₁ ⁻¹ b ₃ a ₁ d ₁ c ₁ gc ₂ d ₂ a ₂ b ₄ d ₂ ⁻¹ =b ₃ a ₁ c ₁ gc ₂ a ₂ b ₄,

and sends (w, v) to Alice; and

5) Alice computes

u=b ₁ ⁻¹ wb ₂ ⁻¹ =b ₁ ⁻¹ =d ₃ c ₁ b ₁ a ₁ ga ₂ b ₂ c ₂ d ₄ b ₂ ⁻¹ =d ₃ c ₁ a ₁ ga ₂ c ₂ d ₄,

u=b₁ ⁻¹ wb ₂ ⁻¹ =b ₁ ⁻¹ d ₃ c ₁ b ₁ a ₁ ga ₂ b ₂ c ₂ d ₄ b ₂ ⁻¹ =d ₃ c ₁ a ₁ ga ₂ c ₂ d ₄,

and sends u to Bob,

In step 4) of the foregoing protocol, because d₁, d₂∈RB_(n), and a₁, a₂, b₃, b₄∈LB_(n), d₁ ⁻¹ and d₂ ⁻¹ separately commute with b₃ and a₁ and with b₄ and a₂ in multiplication, so that a final equation in the step is obtained. Likewise, a final equation in step 5) is obtained.

On the basis of this embodiment, an exemplary embodiment for establishing a key exchange protocol is:

The following procedures are performed after the five steps in the core protocol:

6) Alice computes K_(A)=b3 ⁻¹vb₄ ⁻¹=a₁c₁gc₂a₂ and Bob computes K_(B)=d₃ ⁻¹ud₄ ⁻¹=c₁a₁ga₂c₂.

Because a₁, a₂∈LB_(n), and c₁, c₂∈RB_(n), a₁ and c₁ separately commute with a₂ and c₂ in multiplication, so that Alice and Bob reach a shared key K=K_(A)=K_(B).

On the Basis of this Embodiment, an Exemplary Embodiment for Establishing a Data Encryption Protocol is:

It is given that to-be-encrypted plaintext information (encoded) is m∈ {0, 1}^(k) (that is, a 0-1 string with a length of k), and it is given that Θ: B_(n)Δ{0, 1}^(k) is a collision-resistant Hash function from the group B_(n) to a plaintext space {0, 1}^(k). The private keys of Alice are (B_(n), LB_(n), RB_(n), g, Θ), and a₁, a₂, b₁, b₂, b₃, b₄∈LB_(n) are chosen, and the private keys are b₁ and b₂. Bob chooses c₁, c₂, d₁, d₂, d₃, d₄∈RB_(n), and uses d₁ and d₂ as the private keys. The following procedures are performed after the five steps in the core protocol:

6) Encrypting: Bob first computes K_(B)=d₃ ⁻¹ud₄ ⁻¹=c₁a₁ga₂c₂, then computes (encrypts) t=Θ(K_(B))⊕m, uses t as ciphertext, and sends the ciphertext to Alice. ⊕ herein is the exclusive or operation.

7) Decrypting: Alice first computes K_(A)=b3 ⁻¹vb₄ ⁻¹=a₁c₁gc₂a₂, then computes (decrypts)

m′=Θ(K _(A))⊕t=Θ(K _(A))⊕(Θ(K _(B))⊕m)

verification of m′=m: K_(A)=K_(B) is known according to a key exchange protocol, and therefore,

m′=Θ(K _(A))⊕(Θ(K _(B))⊕m)=Θ(K _(B))⊕(Θ(K _(B))⊕m)=(Θ(K _(B))⊕Θ(K _(B)))⊕m=m.

On the Basis of this Embodiment, an Exemplary Embodiment for Establishing a Digital Signature Protocol is:

It is given that to-be-encrypted plaintext information (encoded) is m, and it is given that Θ: B_(n)→{0, 1}^(k) is a collision-resistant Hash function. The public keys of Alice are (B_(n), LB_(n), RB_(n), g, Θ), and a₁, a₂, b₁, b₂, b₃, b₄∈LB_(n) are chosen, and the private keys are b₁ and b₂. Bob chooses c₁, c₂, d₁, d₂, d₃, d₄∈RB_(n), and uses d₁ and d₂ as the private keys. The following procedures are performed after the five steps in the core protocol:

6) Signing: Alice computes K_(A)=b₃ ⁻¹vb₄ ⁻¹=a₁c₁gc₂a₂ and S=Θ(mK_(A)), and Alice uses S as a signature of Alice for a file m and sends (S, m) to Bob.

7) Verifying: Bob computes K_(B)=d3 ⁻¹ud₄ ⁻¹=c₁a₁ga₂c₂ and S′=Θ(mK_(B)), and if S′=S, Bob acknowledges that S is the signature of Alice for the file m; otherwise, Bob refuses to accept that S is the signature of Alice for the file m.

On the Basis of this Embodiment, an Exemplary Embodiment for an Identity Authentication Protocol on the Basis of the Core Protocol is:

Alice chooses an element g in B_(n), four elements a₁, a₂, b₁, b₂∈LB_(n) and a collision-resistant Hash function Θ: B_(n)→{0, 1}^(k), and computes x=b₁a₁ga₂b₂. The public keys of Alice are (B_(n), LB_(n), RB_(n), g, x, Θ), and the private keys are b₁ and b₂.

An authentication process is:

It is given that Alice is a prover and Bob is a verifier.

1) Bob chooses six elements c₁, c₂, d₁, d₂, d₃, d₄∈RB_(n), the private keys are d₁ and d₂. Bob computes

y=d₁c₁gc₂d₂ and w=d₃c₁xc₂d₄,

uses (y, w) as challenge 1, and sends the challenge 1 to Alice;

2) Alice chooses two elements b₃, b₄∈LB_(n), computes

z=b₃a₁ya₂b₄ and u=b₁ ¹=d₃ c ₁a₁ga₂c₂d₄,

uses (z, u) as a response, and sends the response to Bob;

3) Bob computes v=d₁ ⁻¹ zd ₂ ⁻¹ =b ₃ a ₁ c ₁ gc ₂ a ₂ b ₄, uses v as challenge 2, and sends the challenge 2 to Alice;

4) Alice computes t=Θ(b₃ ⁻¹vb₄ ⁻¹ ¹)=Θ(a₁c₁gc₂a₂), uses t as a commitment, and sends the commitment to Bob;

5) Bob computes t′=Θ(d₃ ⁻¹ud₄ ⁻¹)=Θ(c₁a₁ga₂c₂), and verifies whether t=t′,

and if t=t′, Bob acknowledges an identity of Alice; otherwise, Bob refuses to acknowledge the identity.

3. An Embodiment for Establishing Core Protocol 2 of Public Key Cryptographic Protocols System:

In this embodiment, two entities of the protocol are separately Alice and Bob,

1.1) Alice and Bob jointly choose an element g in B_(n), Alice chooses two elements b₁∈LB_(n) and d₂∈RB_(n) as private keys, and Bob chooses two elements b₂∈LB_(n) and d₁∈RB_(n) as private keys;

2.1) Bob chooses two elements a₂∈LB_(n) and c₁∈RB_(n), computes y=d₁c₁ga₂b₂, and sends y to Alice;

3.1) Alice chooses four elements a₁, b₄∈LB_(n) and c₂, d₄∈RB_(n), computes

x=b₁a₁gc₂d₂ and z=b₄a₁yc₂d₄=b₄a₁d₁c₁ga₂b₂c₂d₄,

and sends (x, z) to Bob;

4.1) Bob chooses two elements b₃∈LB_(n) and d₃∈RB_(n), computes

w=d₃c₁xa₂b₃=d₃c₁b₁a₁gc₂d₂a₂b₃

and

v=d ₁ ⁻¹ zb ₂ ⁻¹ =d ₁ ⁻¹ b ₄ a ₁ d ₁ c ₁ ga ₂ b ₂ c ₂ d ₄ b ₂ ⁻¹ =b ₄ a ₁ c ₁ ga ₂ c ₂ d ₄,

and sends (w, v) to Alice; and

5.1) Alice computes

u=b ₁ ⁻¹ wd ₂ ⁻¹ =b ₁ ⁻¹ d ₃ c ₁ b ₁ a ₁ gc ₂ d ₂ a ₂ b ₃ d ₂ ⁻¹ =d ₃ c ₁ a ₁ gc ₂ a ₂ b ₃,

and sends u to Bob;

In step 4) of the foregoing protocol, because d₁, d₂∈RB_(n) and a₁, a₂, b₃, b₄∈LB_(n), d₁ ⁻¹, d₂ ⁻¹ separately commute with b₃ and a₁, and with b₄ and a₂ in multiplication, so that a final equation in the step is obtained. Likewise, a final equation in step 5) is obtained.

3.3 An application protocol

The following application protocol is established on the basis of the core protocol.

On the Basis of this Embodiment, an Exemplary Embodiment for Establishing a Key Exchange Protocol is:

the following procedures are performed after the five steps in the core protocol:

6.1) Alice computes K_(A)=b₄ ¹vd₄ ¹=a₁c₁ga₂c₂ and Bob computes K_(B)=d₃ ¹=c₁a₁gc₂a₂.

Because a₁, a₂∈LB_(n), and c₁, c₂∈RB_(n), a₁ and c₁ are separately commute with a₂ and c₂ in multiplication, so that Alice and Bob reach a shared key K=K_(A)=K_(B).

On the Basis of this Embodiment, an Exemplary Embodiment for Establishing a Data Encryption Protocol is:

It is given that to-be-encrypted plaintext information (encoded) is m∈{0, 1}^(k) (that is, a 0-1 string with a length of k), and it is given that Θ: B_(n)→{0, 1}^(k) is a collision-resistant Hash function from the group B_(n) to a plaintext space {0, 1}^(k). The public keys of Alice are (B_(n), LB_(n), RB_(n), g, Θ), a₁, b₁, b₄∈LB_(n) and c₂, d₂, d₄∈RB_(n) are chosen, and the private keys are b₁ and d₂. Bob chooses a₂, b₂, b₃∈LB_(n) and c₁, d₁, d₃∈RB_(n), and uses d₁ and b₂ as the private keys. The following procedures are performed after the five steps in the core protocol:

6.1) Encrypting: Bob first computes K_(B)=d₃ ⁻²ub₃ ⁻¹=c₁a₁gc₂a₂, then computes (encrypts) t=Θ(K_(B))⊕m, uses t as ciphertext, and sends the ciphertext to Alice. ⊕ herein is the exclusive or operation.

7.1) Decrypting: Alice first computes K_(A)=b4 ⁻¹vd₄ ⁻¹=a₁c₁ga₂c₂, then computes (decrypts)

m′=(K _(A))⊕t=Θ(K _(A))⊕(Θ(K _(B))⊕m)

verification of m′=m: K_(A)=K_(B) is known according to a key exchange protocol, and therefore,

m′=Θ(K _(A))⊕(Θ(K _(B))⊕m)=Θ(K _(B))⊕(Θ(K _(B))⊕m)=(Θ(K _(B))⊕Θ(K _(B)))⊕m=m.

On the Basis of this Embodiment, an Exemplary Embodiment for Establishing a Digital Signature Protocol is:

It is given that to-be-encrypted plaintext information (encoded) is m, and it is given that Θ: B_(n)→{0, 1}^(k) is a collision-resistant Hash function. The public keys of Alice are (B_(n), LB_(n), RB_(n), g, Θ), a₁, b₁, b₄∈LB_(n) and c₂, d₂, d₄ ∈RB_(n) are chosen, and the private keys are b₁ and d₂. Bob chooses a₂, b₂, b₃∈LB_(n) and c₁, d₁, d₃∈RB_(n), and uses d₁ and b₂ as the private keys. The following procedures are performed after the five steps in the core protocol:

6.1) Signing: Alice computes K_(A)=b4 ⁻¹vd₄ ⁻¹=a₁c₁ga₂c₂ and S=Θ(mK_(A)), and Alice uses S as a signature of Alice for a file m and sends (S, m) to Bob.

6.2) Verifying: Bob computes K_(B)=d3 ⁻¹ub₃ ⁻¹=c₁a₁gc₂a₂ and S′=Θ(mK_(B)), and if S′=S, Bob acknowledges that S is the signature of Alice for the file m; otherwise, Bob refuses to accept that S is the signature of Alice for the file m.

On the Basis of this Embodiment, an Exemplary Embodiment for an Identity Authentication Protocol on the Basis of the Core Protocol is:

Alice chooses an element g in B_(n), four elements a₁, b₁∈LB_(n) and c₂, d₂∈RB_(n), and a collision-resistant Hash function Θ: B_(n)→{0, 1}^(k), and computes x=b₁a₁gc₂d₂. The public keys of Alice are (B_(a), LB_(n), RB_(n), g, x, Θ), and the private keys are b₁ and d₂.

An authentication process is:

It is given that Alice is a prover and Bob is a verifier.

6.1) Bob chooses six elements c₁, d₁, d₃∈RB_(n) and a₂, b₂, b₃∈LB_(n), and the private keys are b₂ and d₁. Bob computes

y=d₁c₁ga₂b₂ and w=d₃c₁xa₂b₃,

uses (y, w) as challenge 1, and sends the challenge 1 to Alice;

6.2) Alice chooses two elements b₄∈LB_(n) and d₄∈RB_(n), computes

z=b₄a₁yc₂d₄ and u=b₁ ⁻¹wd₂ ⁻¹=d₃c₁a₁gc₂a₂b₃,

uses (z, u) as a response, and sends the response to Bob;

6.3) Bob computes v=d₁ ⁻¹zb₂ ⁻¹=b₄a₁c₁ga₂c₂d₄, uses v as challenge 2, and sends the challenge 2 to Alice;

6.4) Alice computes t=Θ(b₄ ⁻¹vd₄ ⁻¹)=Θ(a₁c₁ga₂c₂), uses t as a commitment, and sends the commitment to Bob;

6.5) Bob computes t′=(d₃ ⁻¹ub₃ ⁻¹)=Θ(c₁a₁gc₂a₂), and verifies whether t=t′, and if t=t′, Bob acknowledges an identity of Alice; otherwise, Bob refuses to acknowledge the identity.

4. Security Analysis

We may only provide the security of a key exchange protocol.

First, definitions of three determining problems of a group are provided.

a subgroup membership problem (subgroup membership problem or generalized word problem, GWP for short): given a subgroup H whose generator set is X in group G, whether any element g in G can be represented by a word on Xis determined, that is, whether g is an element in H is determined.

an element decomposition search problem (decomposition search problem, DSP for short): given that g and h are two elements in group G. It is known that two elements c and d exist in G, so that h=cgd. Decide whether two elements c′ and d′ in G can be obtained, so that h=c′gd′

a generalized element decomposition search problem (generalized decomposition search problem, GDSP for short): given that g and h are two elements in group G, and H and K are two subgroups in G. It is known that an element c of H and an element d of K exist, so that h=cgd. Decide whether an element c′ of H and an element d′ of K can be obtained, so that h=c′gd′.

The DSP can be solved easily by letting c′=g⁻¹ and d′=h. The decidability of the GDSP is not determined. However, for a decomposition equation h=cgd (c and d are unknown) in an infinite non-abelian group, it is impossible to certainly solve c and d. Because people do not know values of c and d, even if they enable h=c′gd′ by using so-called “solutions” c′ and d′ which are obtained through computation by solving the GDSP problem, they also cannot determine whether c′=c and d′=d. Particularly, if c and d are separately taken from subgroups C and D with an unsolvable GWP problem, a solver not only cannot determine whether c′=c and d′=d, but also cannot determine whether c′ and d′ respectively are elements in C and D.

In core protocol 1, information that can be acquired by an attacker Eve by using disclosed information and an interactive process with Alice and Bob is as follows:

an infinite non-abelian group G and two subgroups A and B in G, so that for any α∈A and any b∈B, ab=ba is true, an element g in G, and the following elements in G:

y=d₁c₁gc₂d₂, x=b₁a₁ga₂b₂, z=b₃a₁d₁c₁gc₂d₂a₂b₄, w=d₃c₁b₁a₁ga₂b₂c₂d₄, and

v=b₃a₁c₁gc₂a₂b₄ and u=d₃c₁a₁ga₂c₂d₄

It should be noted that Eve only knows x, y, z, w, u and v, but does not know corresponding decomposition expressions. If Eve can obtain c₁′, c₂′∈B, and a₁′, a₂′∈A by solving the GDSP problem, so that a₁′ga₂′=a₁ga₂ and c₁′gc₂′=c₁gc₂, according to the multiplication commutativity of elements in A and B, it is obtained that

c₁ ′a ₁ ′ga ₂ ′c ₂ ′=c ₁ ′a ₁ ga ₂ c ₁ ′=a ₁ c ₁ ′gc ₂ ′a ₂ =a ₁ c ₁ gc ₂ a ₂ =K

and therefore, Eve needs to first obtain elements a₁ga₂ and c₁gc₂.

Because Eve does not know a₁ga₂ and c₁gc₂, she cannot strip b₁ and b₂ from x to obtain a₁ga₂, or strip d₁ and d₂ from y to obtain c₁gc₂. Eve knows w=b₁ub₂ and z=d₁vd₂ (but does not know b₁ and b₂, and d₁ and d₂). Now, even if Eve can solve the GDSP problem, to obtain b₁′, b₂′ ∈A, and d₁′, d₂′ ∈B, so that b₁ub₂′=b₁ub₂ and d₁′vd₂′=d₁vd₂, she also cannot determine b₁′=b₁, b₂′=b₂, and d₁′=d₁, d₂′=d₂. Therefore, Eve still cannot strip b₁ and b₂ from x to obtain a₁ga₂, or strip d₁ and d₂ from y to obtain c₁gc₂.

Particularly, in a specific implementation solution, a braid group B, with Tz12 is taken as an infinite non-abelian group G, subgroups LB_(n) and RB_(n) of B, are taken as A and B respectively, and private keys b₁ and b₂, and private keys d₁ and d₂ are respectively chosen from a Mihailova subgroup M_(LA)(H) of LB_(n) and a Mihailova subgroup M_(RA)(_(H)) of RB_(n). In the foregoing attack of Eve, she obtains b₁′, b₂′∈LB_(n) and d₁′, d₂′∈RB_(n) by solving the GDSP problem, so that b₁′ub₂′=b₁ub₂ and d₁′vd₂′=d₁vd₂. She must determine b₁′=b₁, b₂′=b₂ and d₁′=d₁, d₂′=d₂. Because b₁, b₂EM_(M)(H) and d₁, d₂ EM_(RA)(H), she must first determine whether b₁′, b₂′∈M_(LA)(H), and whether d₁′, d₂′ ∈M_(RA)(H). However, the GWP problems of M_(LA)(H) and M_(RA)(H) are unsolvable, so that Eve cannot carry out an attack even if she uses a quantum computational system.

In core protocol 2, information that can be acquired by an attacker Eve by using disclosed information and an interactive process with Alice and Bob is as follows:

an infinite non-abelian group G and two subgroups A and B in G, so that for any a∈A and any b∈B, ab=ba is true, an element g in G, and the following elements in G:

y=cl₁c₁ga₂b₂, x=b₁a₁gc₂d₂, z=b₄a₁d₁c₁ga₂b₂c₂d₄, w=d₃c₁b₁a₁gc₂d₂a₂b₃,

and

v=b₄a₁c₁ga₂c₂d₄ and u=d₃c₁a₁gc₂a₂b₃

It should be noted that, Eve only knows x, y, z, w, u, and v, but does not know corresponding decomposition expressions. If Eve can obtain c₁′, c₂′∈B, and a₁′, a₂′∈A by solving the GDSP problem, so that a₁′gc₂′=a₁gc₂ and c₁′ga₂′=c₁ga₂, according to the multiplication commutativity of elements in A and B, it is obtained that

c ₁′a₁′gc₂′a₂′=c₁′a₁gc₂c₁′=a₁c₁′ga₂′c₂=a₁c₁ga₂c₂=K

and therefore, Eve needs to first obtain elements a₁gc₂ and c₁ga₂.

Because Eve does not know a₁gc₂ and c₁ga₂, she cannot strip b₁ and d₂ from x to obtain a₁gc₂, or strip d₁ and b₂ from y to obtain c₁ga₂. Eve knows w=b₁ud₂ and z=d₁vb₂ (but does not know b₁ and b₂, and d₁ and d₂). Now, even if Eve can solve the GDSP problem, to obtain b₁′, b₂′∈A, and d₁′, d₂′∈B, so that b₁′ud₂′=b₁ud₂ and d₁′vb₂′=d₁vb₂, she also cannot determine b₁′=b₁, b₂′=b₂ and d₁′=d₁, d₂′=d₂. Therefore, Eve still cannot strip b₁ and d₂ from x to obtain a₁gc₂, or strip d₁ and b₂ from y to obtain c₁ga₂.

Particularly, in a specific implementation solution, a braid group B, with i^(,) 12 is taken as an infinite non-abelian group G, subgroups LB_(n) and RB_(n) of B_(n) are taken as A and B respectively, and private keys b₁ and b₂, and private keys d₁ and d₂ are respectively chosen from a Mihailova subgroup M_(LA)(H) of LB, and a Mihailova subgroup M_(RA)(H) of RB_(n). In the foregoing attack of Eve, she obtains b₁′, b₂′ ∈LB_(n) and d₁′, d₂′∈RB_(n) by solving the GDSP problem, so that b₁′ud₂′=b₁ud₂ and d₁′vb₂′=d₁vb₂. She must determine b₁′=b₁, b₂′=b₂ and d₁′=d₁, d₂′=d₂. Because b₁, b₂∈ M_(RA)(H) and d₁, d₂E M_(RA)(H), she must first determine whether b₁′, b₂′∈M_(LA)(H), and whether d₁′, d₂′∈M_(RA)(H). However, the GWP problems of M_(LA)(H) and M_(RA)(H) are unsolvable, so that Eve cannot carry out an attack even if she uses a quantum computational system.

5. Choosing of a Parameter

In an exemplary embodiment, a braid group B, has an exponent of n≧12, subgroups in each protocol are A=LB_(n) and B=RB_(n), choosing of a₁, a₂, c₁, and c₂ needs to satisfy that their product a₁a₂c₁c₂ is not less than 256 bits, each of private keys b₁, b₂, d₁ and d₂ is not less than 256 bits, and each of protection layer elements b₃, b₄, d₃, and d₄ is not less than 128 bits.

It is particularly pointed out that, to resist the quantum computational attack, it is suggested that private keys b₁ and b₂, and d₁ and d₂ be respectively chosen from Mihailova subgroups M_(LA)(H) and M_(RA)(H) of the braid group B_(n). Therefore, because of the unsolvability of the GWP of M_(LA)(H) and M_(RA)(H), as described in the security analysis, even if a quantum computational system is used, b₁ and b₂, and d₁ and d₂ also cannot be attacked.

The foregoing describes the method of establishing public key cryptographic protocols against the quantum computational attack according to the present invention, so as to help to understand the present invention. However, the implementation manners of the present invention are not limited by the foregoing embodiments, any variation, modification, replacement, combination, and simplification made without departing from the principle of the present invention shall be an equivalent replacement manner and fall within the protection scope of the present invention. 

What is claimed is:
 1. A method of establishing public key cryptographic protocols against the quantum computational attack, comprising a method for generating a shared key, wherein the method for generating a shared key comprises the following steps: (11) establishing an infinite non-abelian group G and two subgroups A and B of G, so that for any a ∈A and any b∈B, the equation ab=ba is true; (12) choosing, by a first entity of a protocol, an element g in G, wherein the first entity of the protocol chooses two elements b₁, b₂∈A as private keys, and a second entity of the protocol chooses two elements d₁, d₂∈B as private keys; (13) choosing, by the second entity of the protocol, two elements c₁, c₂∈B, computing y=d₁c₁gc₂d₂, and sending y to the first entity of the protocol; (14) choosing, by the first entity of the protocol, four elements a₁, a₂, b₃, b₄∈A, computing x=b₁a₁ga₂b₂ and z=b₃a₁ya₂b₄=b₃a₁d₁c₁gc₂d₂a₂b₄, and sending (x, z) to the second entity of the protocol; (15) choosing, by the second entity of the protocol, two elements d₃, d₄∈B, computing w=d₃c₁xc₂d₄=d₃c₁b₁a ₁ga₂b₂c₂d₄ and v=d ₁ ⁻ zd ₂ ⁻¹ =d ₁ ⁻¹ b ₃ a ₁ d ₁ c ₁ gc ₂ d ₂ a ₂ b ₄ d ₂ ⁻¹ =b ₃ a ₁ c ₁ gc ₂ a ₂ b ₄ and sending (w, v) to the first entity of the protocol; (16) computing, by the first entity of the protocol, u=b ₁ ⁻¹ wb ₂ ⁻¹ =b ₁ ⁻¹ d ₃ c ₁ b ₁ a ₁ ga ₂ b ₂ c ₂ d ₄ b ₂ ⁻¹ =d ₃ c ₁ a ₁ ga ₂ c ₂ d ₄, and sending u to the second entity of the protocol; and (17) computing, by the second entity of the protocol, K_(B)=b₃ ⁻¹vb₄ ⁻¹=a₁c₁gc₂a₂, and computing, by the second entity of the protocol, K_(B)=d₃ ⁻¹=c₁a₁ga₂c₂; because a₁, a₂∈A, and c₁, c₂∈B, a₁ and c₁ are separately commute with a₂ and c₂ in multiplication, so that the first entity of the protocol and the second entity of the protocol reach a shared key K=K_(A)=K_(B).
 2. The method of establishing public key cryptographic protocols against the quantum computational attack according to claim 1, further comprising a method for encrypting and decrypting information data, wherein the method for encrypting and decrypting information data comprises the following steps: (21) defining to-be-encrypted encoded plaintext information as m∈{0, 1}^(k), that is, a 0-1 string with a length of k; and defining Θ: G→{0, 1}^(k) as a collision-resistant Hash function from the group G to a plaintext space {0, 1}^(k), and choosing, by the first entity of the protocol, (G, A, B, g, Θ) as a public key of the first entity of the protocol; (22) encrypting: the second entity of the protocol first computes K_(B)=d₃ ⁻¹ud4 ⁻¹=c₁a₁ga₂c₂, then performs encryption computation: t=Θ(K_(B))⊕m, uses t as ciphertext, and sends the cyphertext to the first entity of the protocol, wherein ⊕ is the exclusive or operation; (23) decrypting: the first entity of the protocol first computes K_(A)=b3 ⁻¹vb₄ ⁻¹=a₁c₁gc₂a₂, and then performs decryption computation: m′=Θ(K_(A))⊕t=Θ(K_(A))⊕(Θ(K_(B))⊕m); and (24) verification of m′=m: K_(A)=K_(B) is known according to a key exchange protocol, and therefore, m′=Θ(K _(A))⊕(Θ(K _(B))⊕m)=Θ(K _(B))⊕(Θ(K _(B))⊕m)⊕m(Θ(K _(B))⊕Θ(K _(B)))⊕m=m.
 3. The method of establishing public key cryptographic protocols against the quantum computational attack according to claim 1, further comprising a method for writing a digital signature, wherein the method for writing a digital signature comprises the following steps: (31) defining to-be-signed encoded plaintext information as p, and defining Θ: G→{0, 1}^(k) as a collision-resistant Hash function, and choosing, by the first entity of the protocol, (G, A, B, g, Θ) as a public key of the first entity of the protocol; (32) signing: the first entity of the protocol computes K_(A)=b₃ ⁻¹vb₄ ⁻¹=a₁c₁gc₂a₂ and S=Θ(pK_(A)), and the first entity of the protocol uses S as a signature of the first entity of the protocol for information p and sends (S, p) to the second entity of the protocol; and (33) verifying: the second entity of the protocol computes K_(B)=d₃ ⁻¹ud₄ ⁻¹=c₁a₁ga₂c₂ and S′=Θ(pK_(B)), and if S′=S, the second entity of the protocol acknowledges S as the signature of the first entity of the protocol for the information p; otherwise, the second entity of the protocol refuses to accept that S is the signature of the first entity of the protocol for the information p.
 4. The method of establishing public key cryptographic protocols against the quantum computational attack according to claim 1, further comprising: an identity authentication method, wherein the first entity of the protocol is a prover, and the second entity of the protocol is a verifier; and the identity authentication method comprises the following steps: (41) choosing, by the first entity of the protocol, a collision-resistant Hash function Θ: G→{0, 1}^(k), and choosing, by the first entity of the protocol, (G, A, B, g, Θ) as a public key of the first entity of the protocol; (42) computing, by the second entity of the protocol, y=d₁c₁gc₂d₂ and w=d₃c₁xc₂d₄, using (y, w) as challenge 1, and sending the challenge 1 to the first entity of the protocol; (43) computing, by the first entity of the protocol, z=b ₃ a ₁ ya ₂ b ₄ and u=b ₁ ⁻¹ wb ₂ ⁻¹ =d ₃ c ₁ a ₁ ga ₂ c ₂ d ₄, using (z, u) as a response, and sending the response to the second entity of the protocol; (44) computing, by the second entity of the protocol, v=d₁ ⁻¹=b₃a₁ c ₁ gc ₂ a ₂ b ₄, using v as challenge 2, and sending the challenge 2 to the first entity of the protocol; (45) computing, by the first entity of the protocol, t=Θ(b₃ ⁻¹vb₄ ⁻¹)=Θ(a₁c₁gc₂a₂), using t as a commitment, and sending the commitment to the second entity of the protocol; and (46) computing, by the second entity of the protocol, t=Θ(d₃ ⁻¹ud₄ ⁻¹)=Θ(c₁a₁ga₂c₂), and verifying whether t=t′, and if t=t′, acknowledging, by the second entity of the protocol, an identity of the first entity of the protocol; otherwise, refusing to acknowledge the identity.
 5. A method of establishing public key cryptographic protocols against the quantum computational attack, comprising a method for generating a shared key, wherein the method for generating a shared key comprises the following steps: (11.1) establishing an infinite non-abelian group G and two subgroups A and B of G, so that for any a ∈A and any beB, the equation ab=ba is true; (12.1) choosing, by a first entity of a protocol, an element g in G, wherein the first entity of the protocol chooses two elements b₁₀∈A and d₂₀∈B as private keys, and a second entity of the protocol chooses two elements b₂₀∈A and d₁₀eB as private keys; (13.1) choosing, by the second entity of the protocol, two elements a₂₀∈A and c₁₀B, computing y=d₁₀c₁₀ga₂₀b₂₀, and sending y to the first entity of the protocol; (14.1) choosing, by the first entity of the protocol, four elements a₁₀, b₄₀∈A and c₂₀, d₄₀∈B, computing x=b₁₀a₁₀gc₂₀d₂₀ and z=b₄₀a₁₀yc₂₀d₄₀=b₄₀a₁₀d₁₀c₁₀ga₂₀b₂₀c₂₀d₄₀, and sending (x, z) to the second entity of the protocol; (15.1) choosing, by the second entity of the protocol, two elements b₃₀∈A and d₃₀∈B, computing w=d₃₀c₁₀xa₂₀b₃₀=d₃₀c₁₀b₁₀a₁₀gc₂₀d₂₀a₂₀b₃₀ and v=d ₁₀ ⁻¹ zb ₂₀ ⁻¹ =d ₁₀ ⁻¹ b ₄₀ a ₁₀ d ₁₀ c ₁₀ ga ₂₀ b ₂₀ c ₂₀ d ₄₀ b ₂₀ ⁻¹ =b ₄₀ a ₁₀ c ₁₀ ga ₂₀ c ₂₀ d ₄₀, and sending (w, v) to the first entity of the protocol; (16.1) computing, by the first entity of the protocol, u=b ₁₀ ⁻¹ wd ₂₀ ⁻¹ =b ₁₀ ⁻¹ d ₃₀ c ₁₀ b ₁₀ a ₁₀ gc ₂₀ d ₂₀ a ₂₀ b ₃₀ d ₂₀ ⁻¹ =d ₃₀ c ₁₀ a ₁₀ gc ₂₀ a ₂₀ b ₃₀, and sending u to the second entity of the protocol; and (17.1) computing, by the first entity of the protocol, K_(A)=b₄₀ ⁻¹vd₄₀ ⁻¹=a₁₀c₁₀ga₂₀c₂₀, and computing, by the second entity of the protocol, K_(B)=d₃₀ ⁻¹=ub₃₀ ⁻¹=c₁₀a₁₀gc₂a₂; because a₁₀, a₂₀∈A, and c₁₀, c₂₀∈B, a₁₀ and c₁₀ are separately commute with a₂₀ and c₂₀ in multiplication, so that the first entity of the protocol and the second entity of the protocol reach a shared key K=K_(A)=K_(B).
 6. The method of establishing public key cryptographic protocols against the quantum computational attack according to claim 5, further comprising a method for encrypting and decrypting information data, wherein the method for encrypting and decrypting information data comprises the following steps: (21.1) defining to-be-encrypted encoded plaintext information as m∈{0, 1}^(k), that is, a 0-1 string with a length of k; and defining Θ: G→{0, 1}^(k) as a collision-resistant Hash function from the group G to a plaintext space {0, 1}^(k), and choosing, by the first entity of the protocol, (G, A, B, g, Θ) as a public key of the first entity of the protocol; (22.1) encrypting: the second entity of the protocol first computes K_(B)=d₃₀ ⁻¹ub₃₀ ⁻¹=c₁₀a₁₀gc₂₀a₂₀, then performs encryption computation: t=Θ(K_(B))⊕m, uses t as ciphertext, and sends the ciphertext to the first entity of the protocol, wherein ⊕ is the exclusive or operation; (23.1) decrypting: the first entity of the protocol first computes K_(A)=b₄₀ ⁻¹vd₄₀ ⁻¹=a₁₀c₁₀ga₂₀c₂₀, and then performs decryption computation: m′=Θ(K_(A))⊕t=Θ(K_(A))⊕(Θ(K_(B))⊕m); and (24.1) verification of m′=m: K_(A)=K_(B) is known according to a key exchange protocol, and therefore, m′=Θ(K _(A))⊕(Θ(K _(B))⊕m)=Θ(K _(B))⊕(Θ(K _(B))⊕m)=(Θ(K _(B))⊕Θ(K _(B)))⊕m=m.
 7. The method of establishing public key cryptographic protocols against the quantum computational attack according to claim 5, further comprising a method for writing a digital signature, wherein the method for writing a digital signature comprises the following steps: (31.1) defining to-be-signed encoded plaintext information as p, and defining Θ: G→{0, 1}^(k) as a collision-resistant Hash function, and choosing, by the first entity of the protocol, (G, A, B, g, Θ) as a public key of the first entity of the protocol; (32.1) signing: the first entity of the protocol computes K_(A)=b₄₀ ⁻¹vd₄₀ ⁻¹=a₁₀c₁₀ga₂₀c₂₀ and S=Θ(pK_(A)), the first entity of the protocol uses S as a signature of the first entity of the protocol for information p and sends (S, p) to the second entity of the protocol; and (33.1) verifying: the second entity of the protocol computes K_(B)=d₃₀ ⁻¹ub₃₀ ⁻¹=c₁₀a₁₀gc₂₀a₂₀ and S′=Θ(pK_(B)), and if S′=S, the second entity of the protocol acknowledges S as the signature of the first entity of the protocol for the information p; otherwise, the second entity of the protocol refuses to accept that S is the signature of the first entity of the protocol for the information p.
 8. The method of establishing public key cryptographic protocols against the quantum computational attack according to claim 5, further comprising an identity authentication method, wherein the first entity of the protocol is a prover, and the second entity of the protocol is a verifier; and the identity authentication method comprises the following steps: (41.1) choosing, by the first entity of the protocol, a collision-resistant Hash function Θ: G→{0, 1}^(k), and choosing, by the first entity of the protocol, (G, A, B, g, Θ) as a public key of the first entity of the protocol; (42.1) computing, by the second entity of the protocol, y=d₁₀c₁₀ga₂₀b₂₀ and w=d₃₀c₁₀xa₂₀b₃₀, using (y, w) as challenge 1, and sending the challenge 1 to the first entity of the protocol; (43.1) computing, by the first entity of the protocol, z=b ₄₀ a ₁₀ yc ₂₀ d ₄₀ and u=b ₁₀ ⁻¹ wd ₂₀ ⁻¹ =d ₃₀ c ₁₀ a ₁₀ gc ₂₀ a ₂₀ b ₃₀, using (z, u) as a response, and sending the response to the second entity of the protocol; (44.1) computing, by the second entity of the protocol, v=d₁₀ ⁻¹zb₂₀ ⁻¹=b₄₀a₁₀c₁₀ga₂₀c₂₀d₄₀, using v as challenge 2, and sending the challenge 2 to the first entity of the protocol; (45.1) computing, by the first entity of the protocol, t=Θ(b₄₀ ⁻¹vd₄₀ ⁻¹)=Θ(a₁₀c₁₀ga₂₀c₂₀), using t as a commitment, and sending the commitment to the second entity of the protocol; and (46.1) computing, by the second entity of the protocol, t′=Θ(d₃₀ ⁻¹ub₃₀ ⁻¹)=Θ(c₁₀a₁₀gc₂₀a₂₀), and verifying whether t=t′, and if t=t′, acknowledging, by the second entity of the protocol, an identity of the first entity of the protocol; otherwise refusing to acknowledge the identity.
 9. The method of establishing public key cryptographic protocols against the quantum computational attack according to any one of claims 1, wherein the infinite non-abelian group G is a braid group, and the braid group has Mihailova subgroups with subgroup membership problem unsolvable, and the private key is chosen from the Mihailova subgroup; a braid group n≧12 with n is taken as the infinite non-abelian group G, and is a group defined by the following presentation: B _(n)=

σ₁, σ₂, . . . , σ_(n−1)|σ_(i)σ_(j)=σ_(j)σ_(i), |i−j|≧2, σ_(i)σ_(i+1)σ_(i)=σ_(i+1)σ_(i)σ_(i+1), 1≦i≦n−2

the braid group B_(n) contains the following two subgroups: let m=└n/2┘ be a maximum integer not greater than n/2, and a left braid LB_(n) and a right braid RB_(n) of the braid group B_(n) separately are: LB_(n)=

σ₁, σ₂, . . . , σ_(m−1)

and RB_(n)=

σ_(m+1), σ_(m+2), . . . , σ_(n−1)

that is, separately are subgroups generated by σ₁, σ₂, . . . , σ_(m−1) and σ_(m+1), σ_(m−2), . . . , σ_(n−1), and for any a∈LB_(n) and any b∈RB_(n), ab=ba is true, LB_(n) is taken as subgroup A of G, and RB_(n) is taken as subgroup B of G; when n≧12, LB_(n) and RB_(n) separately contain a subgroup isomorphic to F₂×F₂, that is, subgroups isomorphic to the direct product of two free groups with ranks being 2: LA=

σ_(m 5) ², σ_(m 4) ², σ_(m 2) ², σ_(m 1) ²

≦LB_(n) and RA=

σ_(m+1) ², σ_(m+2), σ_(m+4) ², σ_(m+5) ²

≦RB_(n); and then a finite presentation group H whose word problem is unsolvable and that is generated by two elements constructs a Mihailova subgroup M_(LA)(H) of LA and a Mihailova subgroup M_(RA)(H) of RA; the following is 56 generators of M_(LA)(H), wherein i=m-5; and when i=m+1, 56 generators of M_(RA)(H) can be obtained: σ_(i) ²σ_(i+3) ², σ_(i+1) ²σ_(i+4) ², S_(ij), T_(ij), j=1, 2, . . . , 27 and 27 S_(ij)s are: S_(i 1):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹²)⁻¹     σ_(i + 1)⁻¹²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁹     σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 2):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰)⁻¹     σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁹     σ_(i)⁻⁴σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 3):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸)⁻¹     σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁹     σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 4):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶)⁻¹     σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁹     σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 5):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴)⁻¹     σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁹     σ_(i)⁻⁴σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 6):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁹    σ_(i)⁻⁴σ_(i + 1)¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁻¹     σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 7):  (σ_(i)²σ_(i + 1)⁴σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁹    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹²)⁻¹     σ_(i + 1)⁻¹²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 8):  (σ_(i)²σ_(i + 1)⁶σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁹    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰)⁻¹     σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i 9):  (σ_(i)²σ_(i + 1)⁸σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁹    σ_(i)⁻⁴σ_(i + 1)¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸)⁻¹     σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i, 10):  (σ_(i)²σ_(i + 1)¹⁰σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁹    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶)⁻¹     σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i, 11):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁻¹     σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i, 12):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁻¹     σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸σ_(i)⁻⁴σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i, 13):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹²)⁻¹     σ_(i + 1)⁻¹²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i, 14):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰)⁻¹     σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i, 15):  (σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸)⁻¹     σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸σ_(i)⁻⁴σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)² S_(i, 16):  (σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²⁰σ_(i)⁴σ_(i + 1)⁻²⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²⁰σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴σ_(i)⁻⁴σ_(i + 1)⁻²⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²⁰σ_(i)⁴σ_(i + 1)⁻²⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶ S_(i, 17):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²⁰σ_(i)⁴σ_(i + 1)⁻²⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²⁰σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶σ_(i)⁻⁴σ_(i + 1)⁻²⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²⁰σ_(i)⁴σ_(i + 1)⁻²⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴ S_(i, 18):  (σ_(i)⁻⁴σ_(i + 1)⁻¹²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹²σ_(i)⁴σ_(i + 1)⁻¹²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰σ_(i)⁻²σ_(i + 1)²σ_(i)²σ_(i + 1)²σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴    σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)²σ_(i)²σ_(i + 1)²σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)²σ_(i)²σ_(i + 1)²σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻¹⁸σ_(i)²    σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²⁰σ_(i)⁴σ_(i + 1)⁻²⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²⁻¹σ_(i + 1)²⁰(σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²)²    σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     (σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²)⁻²σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)²σ_(i)²σ_(i + 1)²σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻¹⁸σ_(i)²     σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²⁰σ_(i)⁴σ_(i + 1)⁻²⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²⁰(σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²)³     σ_(i)⁻⁴σ_(i + 1)⁻¹²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹²σ_(i)⁴σ_(i + 1)⁻¹²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰ S_(i, 19):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴    σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²     σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶     σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)² S_(i, 20):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)²    σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴     σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸     (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)²σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)² S_(i, 24):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁶    σ_(i)⁻⁴σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸    σ_(i)⁻⁴σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁴σ_(i)⁴σ_(i + 1)⁻⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁵    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁵     σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸σ_(i)⁻⁴σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰     (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)² S_(i, 25):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁷    σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸    σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰    (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁶     σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸     σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶σ_(i)⁻⁴σ_(i + 1)⁻¹⁰σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁰σ_(i)⁴σ_(i + 1)⁻¹⁰σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁰     (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁷σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)² S_(i, 26):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁸    (σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²)³(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁷    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁷     σ_(i)⁻⁴σ_(i + 1)⁻⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁶σ_(i)⁴σ_(i + 1)⁻⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁶(σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²)³     (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁸σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)² S_(i, 27):  (σ_(i + 1)⁻⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁸(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁹    (σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²)³(σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁸    σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²)⁻¹     σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴(σ_(i)⁻⁴σ_(i + 1)⁻¹⁴σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁴σ_(i)⁴σ_(i + 1)⁻¹⁴σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁴)⁸     σ_(i)⁻⁴σ_(i + 1)⁻⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)⁸σ_(i)⁴σ_(i + 1)⁻⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)⁸(σ_(i)⁻⁴σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)²σ_(i)⁴σ_(i + 1)⁻²σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)²)³     (σ_(i)⁻⁴σ_(i + 1)⁻¹⁶σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁶σ_(i)⁴σ_(i + 1)⁻¹⁶σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)¹⁶)⁹σ_(i)⁻⁴σ_(i + 1)⁻¹⁸σ_(i)²σ_(i + 1)²σ_(i)⁻²σ_(i + 1)¹⁸σ_(i)⁴σ_(i + 1)⁻¹⁸σ_(i)⁻²σ_(i + 1)⁻²σ_(i)²σ_(i + 1)² all σ_(i)s in the foregoing each S_(ij) are replaced with σ_(i+3)s, and all σ_(i+1)s are replaced with σ_(i+4)s, to obtain corresponding 27 T_(ij)s, wherein j=1, 2, . . . ,
 27. 10. The method of establishing public key cryptographic protocols against the quantum computational attack according to claim 9, wherein the braid group B_(n) has an exponent of n≧12; the subgroup is A=LB_(n) and B=RB_(n); choosing of a₁, a₂, c₁, and c₂ satisfies that their product a₁c₁ga₂c₂ is not less than 256 bits or the choosing of a₁₀, a₂₀, c₁₀ and c₂₀ satisfies that their product a₁₀c₁₀ga₂₀c₂₀ is not less than 256 bits; the private keys b₁, b₂, d₁, and d₂ or b₁₀, b₂₀, d₁₀, and d₂₀ are all not less than 256 bits; and each of protection layer elements b₃, b₄, d₃, and d₄ or b₃₀, b₄₀, d₃₀, and d₄₀ is not less than 128 bits. 